In recent years, the continuous evolution of malicious software (malware) has posed an increasingly significant threat to governments, research institutions, businesses, and military organizations. Numerous malware variants have been developed with the aim of exfiltrating sensitive information, compromising industrial infrastructure operations, or extorting money causing serious financial, reputational, and operational repercussions for the affected entities. Among the most widespread types of malware are rootkits, botnets, spyware, trojans, and ransomware. Many of these, despite posing a serious threat, rely on traditional asymmetric cryptographic primitives such as Key Encapsulation Mechanisms (KEMs) and Digital Signature Algorithms (DSAs), which are vulnerable to the advent of Quantum Computing. An attacker equipped with a sufficiently powerful quantum computer could employ algorithms such as Shor's and Grover's to derive private keys from public ones, thereby compromising the entire security model upon which these systems are based. Consequently, the transition towards post-quantum cryptographic algorithms becomes imperative in order to guarantee robustness and long-term resilience in such adversarial scenarios. In this context, this study proposes the design and implementation of a post-quantum ransomware/mal-ware, capable of successfully fulfilling its objectives even in the presence of an adversary with quantum capabilities. The malware leverages post-quantum cryptographic primitives, integrated with a decentralized, blockchain-based PKI infrastructure compatible with quantum-resistant algorithms, thereby ensuring the system's resilience in a post-quantum cryptographic landscape.
QuantumCry: The Engineering and Implementation of a Post-Quantum Ransomware
Castiglione, Aniello;Loia, Vincenzo;Nappi, Michele;Narducci, Fabio
2025
Abstract
In recent years, the continuous evolution of malicious software (malware) has posed an increasingly significant threat to governments, research institutions, businesses, and military organizations. Numerous malware variants have been developed with the aim of exfiltrating sensitive information, compromising industrial infrastructure operations, or extorting money causing serious financial, reputational, and operational repercussions for the affected entities. Among the most widespread types of malware are rootkits, botnets, spyware, trojans, and ransomware. Many of these, despite posing a serious threat, rely on traditional asymmetric cryptographic primitives such as Key Encapsulation Mechanisms (KEMs) and Digital Signature Algorithms (DSAs), which are vulnerable to the advent of Quantum Computing. An attacker equipped with a sufficiently powerful quantum computer could employ algorithms such as Shor's and Grover's to derive private keys from public ones, thereby compromising the entire security model upon which these systems are based. Consequently, the transition towards post-quantum cryptographic algorithms becomes imperative in order to guarantee robustness and long-term resilience in such adversarial scenarios. In this context, this study proposes the design and implementation of a post-quantum ransomware/mal-ware, capable of successfully fulfilling its objectives even in the presence of an adversary with quantum capabilities. The malware leverages post-quantum cryptographic primitives, integrated with a decentralized, blockchain-based PKI infrastructure compatible with quantum-resistant algorithms, thereby ensuring the system's resilience in a post-quantum cryptographic landscape.| File | Dimensione | Formato | |
|---|---|---|---|
|
QuantumCry_The_Engineering_and_Implementation_of_a_Post-Quantum_Ransomware_.pdf
non disponibili
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Copyright dell'editore
Dimensione
989.54 kB
Formato
Adobe PDF
|
989.54 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
